Beginning December 5 2022, Role Based Access Control (RBAC) for Stream Governance and ksqlDB will start rolling out to all Confluent Cloud customers. The roll-out is expected to be complete by December 18, 2022. This new feature allows customers to restrict access to users of Schema Registry and ksqlDB clusters.
After rolling out this feature, changes in your Confluent Cloud Organization might appear. Be assured that these changes will not interrupt access to your existing deployments.
Here is a quick summary of the changes:
- ResourceOwner privileges on Schema Registry are automatically granted to all user and service accounts that have existing API keys for Schema Registry clusters or existing CloudClusterAdmin privileges on any cluster in the same environment as Schema Registry
- KSQLAdmin privileges on ksqlDB clusters are automatically granted to all user and service accounts with existing API keys for ksqlDB.
- RBAC REST API now supports pagination with a default of 100 role-bindings per page. Please update your automation tools to reflect this new capability.
- For new deployments, additional steps may be required to grant the necessary permissions.
For details on the roles and the upcoming changes, please review the Confluent Cloud RBAC documentation here:
https://docs.confluent.io/cloud/current/access-management/access-control/cloud-rbac.html
If you have any questions or need help, please reach out to Confluent Support.